CN111461883A - Transaction processing method and device based on block chain and electronic equipment - Google Patents


Publication number
CN111461883A
Authority
CN
China
Prior art keywords
transaction
execution environment
trusted execution
service initiator
block chain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010242577.9A
Other languages
Chinese (zh)
Inventor
王晓亮
张亚宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Rivtower Technology Co Ltd
Original Assignee
Hangzhou Rivtower Technology Co Ltd
Application filed by Hangzhou Rivtower Technology Co Ltd
Priority to CN202010242577.9A
Publication of CN111461883A
Legal status: Pending


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Bioethics (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Health & Medical Sciences (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

One or more embodiments of the present specification disclose a blockchain-based transaction processing method, apparatus and electronic device. In the method, a trusted execution environment is deployed on each blockchain node of the blockchain network; a received transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network. The transaction can thus be decrypted with the private key of the trusted execution environment and, after the signature is verified, executed within the local trusted execution environment; the state data generated by executing the transaction is encrypted with the shared key of the trusted execution environment and stored. Data such as transactions and state can therefore be decrypted and read only by the trusted execution environment, and neither the blockchain nodes nor the environment outside the chain can parse it, so that data security is guaranteed and privacy disclosure is avoided.

Description

Transaction processing method and device based on block chain and electronic equipment
Technical Field
The present disclosure relates to the field of blockchain technologies, and in particular, to a method and an apparatus for processing a transaction based on a blockchain, and an electronic device.
Background
The blockchain is a decentralized, innovative solution that uses distributed ledger technology to solve the multi-party trust problem, and is a leading-edge technology today.
In a traditional blockchain, on-chain data is completely transparent to the nodes, so certain private data is at risk of exposure.
Disclosure of Invention
One or more embodiments of the present specification provide a blockchain-based transaction processing method, apparatus, and electronic device, so as to protect private data on the blockchain through a trusted execution environment deployed on each node.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
In a first aspect, a blockchain-based transaction processing method is provided, which is applied to a blockchain network including a plurality of blockchain nodes, wherein each blockchain node is deployed with a trusted execution environment; the method comprises the following steps:
the blockchain node receives a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction based on the private key of the trusted execution environment and, after the signature is verified, executing the transaction within the local trusted execution environment;
and encrypting the state data generated by executing the transaction with the shared key of the trusted execution environment and storing it.
In a second aspect, a blockchain-based transaction processing apparatus is provided, which is applied to a blockchain network including a plurality of blockchain nodes, where each blockchain node is deployed with a trusted execution environment; the device comprises:
the receiving module is used for receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
the execution module is used for decrypting the transaction based on the private key of the trusted execution environment and executing the transaction in the local trusted execution environment after the signature passes verification;
and the storage module is used for encrypting and storing the state data generated by executing the transaction by adopting the shared key of the trusted execution environment.
In a third aspect, an electronic device is provided, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to perform:
receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction based on a private key of the trusted execution environment and executing the transaction within a local trusted execution environment after the verification signature passes;
and encrypting and storing state data generated by executing the transaction by adopting the shared secret key of the trusted execution environment.
In a fourth aspect, a computer-readable storage medium is presented, storing one or more programs which, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform:
receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction based on a private key of the trusted execution environment and executing the transaction within a local trusted execution environment after the verification signature passes;
and encrypting and storing state data generated by executing the transaction by adopting the shared secret key of the trusted execution environment.
According to the technical scheme provided by one or more embodiments of the specification, a trusted execution environment is deployed on each blockchain node of the blockchain network, and a received transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network. The transaction can thus be decrypted with the private key of the trusted execution environment and, after the signature is verified, executed in the local trusted execution environment, and the state data generated by executing the transaction is encrypted with the shared key of the trusted execution environment and stored.
Drawings
In order to more clearly illustrate one or more embodiments or prior art solutions of the present specification, reference will now be made briefly to the attached drawings, which are needed in the description of one or more embodiments or prior art, and it should be apparent that the drawings in the description below are only some of the embodiments described in the specification, and that other drawings may be obtained by those skilled in the art without inventive exercise.
Fig. 1a is a schematic diagram illustrating steps of a transaction processing method based on a blockchain according to an embodiment of the present disclosure.
Fig. 1b is a second schematic step diagram of a transaction processing method based on a blockchain according to an embodiment of the present disclosure.
Fig. 2 is a schematic structural diagram of a transaction processing apparatus based on a blockchain according to an embodiment of the present disclosure.
Fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification.
Detailed Description
In order to make the technical solutions in the present specification better understood, the technical solutions in one or more embodiments of the present specification will be clearly and completely described below with reference to the accompanying drawings in one or more embodiments of the present specification, and it is obvious that the one or more embodiments described are only a part of the embodiments of the present specification, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments described herein without making any inventive step shall fall within the scope of protection of this document.
Example one
Fig. 1a is a schematic step diagram of a blockchain-based transaction processing method provided for an embodiment of the present specification. It is to be understood that the method is applied to a blockchain network including a plurality of blockchain nodes, where each of the blockchain nodes is deployed with a trusted execution environment; the execution body can be a blockchain-based transaction processing device, and that device can be a blockchain node.
It should be understood that in the embodiments of the present specification, the trusted execution environment may satisfy the following conditions: 1. a remote attestation certificate may be generated to verify the authenticity of the trusted execution environment; 2. the computing and execution environment is difficult to attack, and access from the external environment can be isolated at the hardware level; 3. an internal shared key can be generated according to system configuration, the internal shared key cannot be acquired from the outside, and the trusted execution environment can use the internal shared key to seal, store and export internal data; 4. a unique public-private key pair may be generated within the trusted execution environment for encrypting the communication protocol. In other words, in the embodiments of the present specification, all blockchain nodes in the blockchain network satisfy the above conditions and have the above-mentioned functions.
The method may comprise the steps of:
Step 102: the blockchain node receives a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network.
It should be understood that each blockchain node in the blockchain network is deployed with a trusted execution environment, that these trusted execution environments all use the same public-private key pair, and that their internal shared key is the same. However, neither the blockchain nodes nor the users who control them can learn these keys, which can be used only inside the trusted execution environment.
Therefore, before transaction processing, the public key of the trusted execution environment's public-private key pair is published. A service initiator can sign a transaction with its own private key, encrypt the signed transaction with the public key of the trusted execution environment, and send the encrypted transaction to a blockchain node. The blockchain node and the service initiator can communicate over the Transport Layer Security (TLS) protocol, which secures the transmission channel and protects data privacy.
Step 104: the transaction is decrypted based on a private key of the trusted execution environment and, after the verification signature passes, the transaction is executed within a local trusted execution environment.
In the embodiment of the present specification, since the transaction received by the blockchain node is encrypted, the node cannot directly obtain the content of the transaction or the other information it carries, including private information, so a good privacy protection effect is achieved.
Although the blockchain node cannot directly read information such as the content of the transaction, it can process the encrypted transaction inside its locally deployed trusted execution environment. In particular, the transaction may be decrypted with the private key of the trusted execution environment, and the signature then verified using the public key of the transaction initiator. Once verification passes, the transaction is executed within the trusted execution environment. The execution of the transaction itself may follow existing schemes and is not described here.
Step 106: encrypting the state data generated by executing the transaction with the shared key of the trusted execution environment and storing it.
After the transaction has been executed, the generated state data is sealed, encrypted and stored using the shared key in the trusted execution environment. Consequently, the blockchain nodes on the blockchain network cannot read the data, and it can be parsed only inside the trusted execution environment, so that private data is effectively protected and isolated.
The saved state data and other information related to the transaction are marked with the transaction identifier for subsequent inquiry.
In the embodiments of the present specification, the encrypted transaction, the result of executing the transaction, and information such as the state data may all be encrypted with the shared key and stored. In one implementation, the data is sealed and encrypted and then saved directly outside the trusted execution environment, that is, on other media of the blockchain node, in storage space outside the blockchain network, or on other blockchain nodes of the blockchain network. The data therefore remains encrypted at all times, which prevents privacy disclosure.
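The flow of steps 102 to 106, as an added Go example that is not part of the patent text. The patent names no algorithms, so Ed25519 signatures, an RSA-OAEP-wrapped AES-256-GCM envelope laid out as pub||sig||payload, the hash-based transaction identifier and the `Enclave` struct standing in for the TEE are all assumptions made for this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedTx is all the untrusted node sees: an OAEP-wrapped AES key and a GCM body.
type EncryptedTx struct{ WrappedKey, Body []byte }

// Enclave stands in for the TEE (assumption); priv and sealKey never leave it.
type Enclave struct {
	priv    *rsa.PrivateKey
	sealKey []byte            // internal shared key, identical in every node's TEE
	Store   map[string][]byte // node-side storage outside the TEE: sealed state only
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	return b
}

func aead(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// seal encrypts with AES-256-GCM and prepends the random nonce; open reverses it.
func seal(key, pt []byte) ([]byte, error) {
	a, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(a.NonceSize())
	return a.Seal(nonce, nonce, pt, nil), nil
}

func open(key, ct []byte) ([]byte, error) {
	a, err := aead(key)
	if err != nil || len(ct) < a.NonceSize() {
		return nil, errors.New("cannot open sealed data")
	}
	return a.Open(nil, ct[:a.NonceSize()], ct[a.NonceSize():], nil)
}

func NewInitiator() ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(randBytes(ed25519.SeedSize))
}

func NewEnclave() (*Enclave, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Enclave{priv, randBytes(32), map[string][]byte{}}, err
}

// EncryptTx is step 102: sign, then encrypt pub||sig||payload to the TEE public key.
func EncryptTx(teePub *rsa.PublicKey, sk ed25519.PrivateKey, payload []byte) (EncryptedTx, error) {
	env := append(append([]byte{}, sk.Public().(ed25519.PublicKey)...), ed25519.Sign(sk, payload)...)
	k := randBytes(32) // fresh per-transaction AES key
	body, err := seal(k, append(env, payload...))
	if err != nil {
		return EncryptedTx{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, teePub, k, nil)
	return EncryptedTx{wrapped, body}, err
}

// Execute is steps 104 and 106: decrypt, verify the signature, execute, seal the state.
func (e *Enclave) Execute(tx EncryptedTx) (string, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.priv, tx.WrappedKey, nil)
	if err != nil {
		return "", errors.New("transaction rejected")
	}
	env, err := open(k, tx.Body)
	if err != nil || len(env) < 96 || !ed25519.Verify(env[:32], env[96:], env[32:96]) {
		return "", errors.New("transaction rejected") // same error for every failure
	}
	id := fmt.Sprintf("%x", sha256.Sum256(tx.Body)) // transaction identifier (assumption)
	e.Store[id], err = seal(e.sealKey, append([]byte("executed: "), env[96:]...))
	return id, err
}

func main() {
	tee, _ := NewEnclave()
	tx, _ := EncryptTx(&tee.priv.PublicKey, NewInitiator(), []byte("transfer 5 to bob"))
	id, err := tee.Execute(tx) // payload above is a constructed sample
	fmt.Println("tx id:", id, "error:", err)
}
```

Only `EncryptedTx` values and the sealed entries in `Store` cross the enclave boundary here; in a real deployment `priv` and `sealKey` would live in enclave memory, not in an ordinary Go struct.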
Further, as shown in fig. 1b, after executing the transaction, the method may further include the following operations:
step 108: receiving an inquiry request sent by a service initiator, wherein the inquiry request carries a signature of the service initiator and a transaction identifier to be inquired.
In specific implementation, the signature carried in the query request may be implemented by the service initiator based on a private key in its public-private key pair, that is, the query request is signed by using the private key. In fact, other verifiable signatures are not excluded and are not described in detail herein.
Step 110: and after the verification signature passes and the service initiator is determined to have the query authority, querying the state data corresponding to the transaction identifier.
After receiving the query request, the blockchain node verifies the signature in the query request using the public key published by the service initiator; at the same time, it can check from the authority information stored in the blockchain whether the service initiator has the query authority. If the authority information records the service initiator and the recorded information indicates that the service initiator has the query authority, the state data corresponding to the transaction identifier is queried for the service initiator.
It should be understood that, in this embodiment of the present specification, the authority information stored on the blockchain may be added after the service initiator acquires the authority by means of registration at the time of system initialization, or may be added after the blockchain node receives and processes the transaction of the service initiator. The authority information may record whether the service initiator having the transaction has the inquiry authority.
Step 112: and after decrypting the state data by adopting the shared secret key of the trusted execution environment, returning the state data to the service initiator through an encrypted communication link.
After the state data corresponding to the transaction identifier has been found, and since the state data is stored in encrypted form, the state data can be decrypted with the shared key in the trusted execution environment and then returned to the service initiator through an encrypted communication link. The blockchain node and the service initiator can communicate over the Transport Layer Security (TLS) protocol, which secures the transmission channel and protects data privacy.
When a blockchain node synchronizes transactions with other blockchain nodes, the transaction is encrypted with the shared key and transmitted over an encrypted communication link; only a trusted execution environment decrypts the transaction data and state data, which ensures data security and avoids privacy disclosure. The blockchain nodes communicate with one another over TLS, which secures the transmission channel and protects data privacy.
According to the technical scheme, a trusted execution environment is deployed on each blockchain node of the blockchain network, and a received transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network. The transaction can thus be decrypted with the private key of the trusted execution environment and, after the signature is verified, executed in the local trusted execution environment, and the state data generated by executing the transaction is encrypted with the shared key of the trusted execution environment and stored. Data such as transactions and state can therefore be decrypted and read only by the trusted execution environment, and neither the blockchain nodes nor the environment outside the blockchain can parse it, so that data security is guaranteed and privacy disclosure is avoided. Data such as transactions and state is transmitted over TLS, which secures the transmission channel and protects data privacy.
Example two
Referring to fig. 2, a blockchain-based transaction processing apparatus 200 provided in this embodiment of the present disclosure may specifically be a blockchain node in a blockchain network, where each blockchain node is deployed with a trusted execution environment; the apparatus 200 may include:
the receiving module 202 is configured to receive a transaction sent by a service initiator, where the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
the execution module 204 decrypts the transaction based on the private key of the trusted execution environment, and executes the transaction in the local trusted execution environment after the signature is verified;
and the storage module 206 is configured to encrypt and store the state data generated by executing the transaction with the shared key of the trusted execution environment.
Optionally, as an embodiment, the receiving module further receives an inquiry request sent by a service initiator, where the inquiry request carries a signature of the service initiator and a transaction identifier to be inquired;
the device further comprises: the system comprises a query module and a return module;
the inquiry module inquires the state data corresponding to the transaction identifier after the signature passes verification and the service initiator is determined to have inquiry authority;
and the return module is used for decrypting the state data by adopting the shared key of the trusted execution environment and returning the state data to the service initiator through an encrypted communication link.
In a specific implementation manner of the embodiment of this specification, the apparatus further includes: and the synchronization module encrypts the transaction by adopting the shared secret key and transmits the transaction through the encrypted communication link.
In another specific implementation manner of the embodiment of the present specification, the apparatus further includes: a communication module;
the communication module communicates with the service initiator over the Transport Layer Security (TLS) protocol and communicates with other blockchain nodes in the plurality of blockchain nodes over TLS.
EXAMPLE III
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. Referring to fig. 3, at the hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The memory may include an internal memory, such as a Random-Access Memory (RAM), and may further include a non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 3, but this does not indicate only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code comprising computer operating instructions. The memory may include both internal memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into the internal memory and then runs it, forming the blockchain-based transaction processing device at the logical level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction based on a private key of the trusted execution environment and executing the transaction within a local trusted execution environment after the verification signature passes;
and encrypting and storing state data generated by executing the transaction by adopting the shared secret key of the trusted execution environment.
The method performed by the apparatus according to the embodiment shown in fig. 1 of the present specification may be implemented in or by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. Such a processor may implement or perform the methods, steps, and logic blocks disclosed in one or more embodiments of the present specification. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with one or more embodiments of the present disclosure may be embodied directly in hardware, executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The electronic device may also execute the method of fig. 1 and implement the functions of the corresponding apparatus in the embodiment shown in fig. 1, which are not described herein again in this specification.
Of course, besides the software implementation, the electronic device of the embodiment of the present disclosure does not exclude other implementations, such as a logic device or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or a logic device.
Example four
Embodiments of the present specification also propose a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, are capable of causing the portable electronic device to perform the method of the embodiment shown in fig. 1, and in particular for performing the method of:
receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction based on a private key of the trusted execution environment and executing the transaction within a local trusted execution environment after the verification signature passes;
and encrypting and storing state data generated by executing the transaction by adopting the shared secret key of the trusted execution environment.
According to the above technical scheme, a trusted execution environment is deployed on each blockchain node of the blockchain network. A received transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node, so that the transaction can be decrypted with the private key of the trusted execution environment and, after the signature is verified, executed in the local trusted execution environment. The state data generated by executing the transaction is encrypted with the shared key of the trusted execution environment and stored. Data such as transactions and state can therefore be obtained only by decryption inside the trusted execution environment; neither the blockchain node itself nor the environment outside the blockchain can obtain it by analysis, which guarantees data security and protects against privacy disclosure. Data such as transactions and state is transmitted over TLS, which ensures the security of the transmission channel and the privacy of the data.
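The flow summarized above, sketched in Go as an added example (not code from the patent or from the applicant): the initiator signs and encrypts a transaction, and the TEE decrypts it, verifies the signature, executes it and encrypts the resulting state. The page names no algorithms, so Ed25519, RSA-OAEP and AES-256-GCM, all identifiers (`TEE`, `NewTEE`, `Envelope`, `Process`, `Reveal`), the per-instance RSA key pair, the caller-supplied initiator public key and the `executed:` stand-in for execution are assumptions; with a 2048-bit key, RSA-OAEP limits the transaction to 126 bytes here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// TEE models the enclave: its RSA private key and AES-GCM under the TEEs' shared key.
type TEE struct {
	priv  *rsa.PrivateKey
	state cipher.AEAD
}

// NewTEE creates a node's enclave; every node is provisioned with the same shared key.
func NewTEE(shared [32]byte) (*TEE, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(shared[:]) // a 32-byte key cannot be rejected
	aead, _ := cipher.NewGCM(blk)
	return &TEE{priv, aead}, nil
}

// Envelope (initiator): sign tx, then encrypt signature||tx with the TEE public key.
func Envelope(tx []byte, sk ed25519.PrivateKey, teePub *rsa.PublicKey) ([]byte, error) {
	body := append(ed25519.Sign(sk, tx), tx...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, teePub, body, nil)
}

// Process (in the TEE): decrypt, verify the signature, execute, encrypt the state.
func (t *TEE) Process(env []byte, from ed25519.PublicKey) ([]byte, error) {
	body, err := rsa.DecryptOAEP(sha256.New(), nil, t.priv, env, nil)
	if err != nil || len(body) < 64 || !ed25519.Verify(from, body[64:], body[:64]) {
		return nil, fmt.Errorf("decryption or signature verification failed")
	}
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	state := append([]byte("executed:"), body[64:]...) // stand-in for real execution
	return t.state.Seal(nonce, nonce, state, nil), nil
}

// Reveal (in the TEE): decrypt stored state; fails on tampering or a different key.
func (t *TEE) Reveal(blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return t.state.Open(nil, blob[:12], blob[12:], nil)
}

func main() {
	tee, _ := NewTEE([32]byte{1}) // constructed shared key, demo only
	pub, sk, _ := ed25519.GenerateKey(rand.Reader)
	env, _ := Envelope([]byte("transfer 10 from A to B"), sk, &tee.priv.PublicKey)
	stored, err := tee.Process(env, pub)
	fmt.Printf("stored state: %d encrypted bytes, err=%v\n", len(stored), err)
}
```

A second `TEE` created with the same shared key can `Reveal` state written by the first, while the node's ordinary storage only ever holds the ciphertext returned by `Process`.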
In short, the above description is only a preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present specification shall be included in the protection scope of the present specification.
The system, apparatus, module or unit illustrated in one or more of the above embodiments may be implemented by a computer chip or an entity, or by an article of manufacture with a certain functionality. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, its description is brief, and for the relevant points reference may be made to the corresponding description of the method embodiment.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

Claims (10)

1. A blockchain-based transaction processing method, applied to a blockchain network comprising a plurality of blockchain nodes, wherein a trusted execution environment is deployed on each blockchain node; the method comprises the following steps:
the blockchain node receives a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction with the private key of the trusted execution environment and, after the signature is verified, executing the transaction within the local trusted execution environment;
and encrypting the state data generated by executing the transaction with the shared key of the trusted execution environment and storing it.
2. The method of claim 1, further comprising:
receiving an inquiry request sent by a service initiator, wherein the inquiry request carries a signature of the service initiator and a transaction identifier to be inquired;
after the signature is verified and the service initiator is determined to have the query authority, querying the state data corresponding to the transaction identifier;
and after decrypting the state data with the shared key of the trusted execution environment, returning the state data to the service initiator through an encrypted communication link.
3. The method of claim 1, wherein, when synchronizing transactions with other blockchain nodes, the blockchain node encrypts the transactions using the shared key and transmits the encrypted transactions over the encrypted communication link.
4. The method according to any one of claims 1 to 3, wherein the blockchain nodes communicate with the service initiator via the Transport Layer Security (TLS) protocol, and the plurality of blockchain nodes communicate with each other via the TLS protocol.
5. A blockchain-based transaction processing device, applied to a blockchain network comprising a plurality of blockchain nodes, wherein a trusted execution environment is deployed on each blockchain node; the device comprises:
the receiving module is used for receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
the execution module is used for decrypting the transaction with the private key of the trusted execution environment and, after the signature is verified, executing the transaction in the local trusted execution environment;
and the storage module is used for encrypting the state data generated by executing the transaction with the shared key of the trusted execution environment and storing it.
6. The apparatus of claim 5, wherein the receiving module further receives an inquiry request sent by a service initiator, wherein the inquiry request carries a signature of the service initiator and a transaction identifier to be inquired;
the device further comprises: a query module and a return module;
the query module queries the state data corresponding to the transaction identifier after the signature is verified and the service initiator is determined to have the query authority;
and the return module is used for decrypting the state data with the shared key of the trusted execution environment and returning the state data to the service initiator through an encrypted communication link.
7. The apparatus of claim 5, further comprising: a synchronization module;
the synchronization module encrypts the transaction using the shared key and transmits it over the encrypted communication link.
8. The apparatus of any of claims 5-7, further comprising: a communication module;
the communication module communicates with the service initiator via the Transport Layer Security (TLS) protocol and communicates with the other blockchain nodes of the plurality of blockchain nodes via the TLS protocol.
9. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to perform:
receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction with the private key of the trusted execution environment and, after the signature is verified, executing the transaction within the local trusted execution environment;
and encrypting the state data generated by executing the transaction with the shared key of the trusted execution environment and storing it.
10. A computer-readable storage medium storing one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic device to perform:
receiving a transaction sent by a service initiator, wherein the transaction is signed with the private key of the service initiator and encrypted with the public key of the trusted execution environment deployed on each blockchain node of the blockchain network;
decrypting the transaction with the private key of the trusted execution environment and, after the signature is verified, executing the transaction within the local trusted execution environment;
and encrypting the state data generated by executing the transaction with the shared key of the trusted execution environment and storing it.
CN202010242577.9A 2020-03-31 2020-03-31 Transaction processing method and device based on block chain and electronic equipment Pending CN111461883A (en)

Publications (1)

Publication Number Publication Date
CN111461883A (en) 2020-07-28

Family

ID=71683414

Country Status (1)

Country Link
CN (1) CN111461883A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200728